Click here to Skip to main content
15,389,877 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
$sql = "UPDATE `kid` SET `kimg`='$im',`ad`='$ad',`yazar`='$yz',`yv`='$yv,`ft`='$ft',`stok`='$st' WHERE id=$br";


if ($conn->query($sql) === TRUE) {
echo "günçeleme başarılı";
} else {
echo "Error: " . $sql . "
" . $conn->error;
}
}

# code...
else {
echo "Error updating record: " . $conn->error;
}
$conn->error;

$conn->close();

What I have tried:

$sql = "UPDATE `kid` SET `kimg`='$im',`ad`='$ad',`yazar`='$yz',`yv`='$yv,`ft`='$ft',`stok`='$st' WHERE id=$br";
Posted
Updated 22-Jun-22 10:25am
Comments
Richard Deeming 23-Jun-22 4:51am
   
Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation/interpolation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]
PHP: Prepared statements and stored procedures - Manual[^]

Please.... check your SQL ;)

$sql = "UPDATE `kid` SET `kimg`='$im',`ad`='$ad',`yazar`='$yz',`yv`='$yv,`ft`='$ft',`stok`='$st' WHERE id=$br";


$sql = "UPDATE `kid` SET `kimg`='$im',`ad`='$ad',`yazar`='$yz',`yv`='$yv',`ft`='$ft',`stok`='$st' WHERE id=$br";


Focus on:
,`yv`='$yv,`ft`='$ft'
should be 
,`yv`='$yv',`ft`='$ft'
          ^
   
v3
I'm tired of you, sorry, thank you very much
   
Comments
0x01AA 22-Jun-22 16:27pm
   
?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900